Virtualization Technology News and Information
Security, Compliance and Skills - Operationalizing Data Management with Kubernetes to Fill Cloud Native Gaps

By Gaurav Rishi, Head of Product, Kasten

The explosion of cloud native adoption has thrust us into a new world of technology and operations. To say that cloud native and the ecosystem of technologies that accompany it - containers, microservices, Kubernetes, etc. - have been disruptive is an understatement. There has been immense value creation in the process by a growing number of cloud-native companies - the average value creation per year (as measured by Market Cap increase since IPO) has been a staggering $29B/year compared to the historical $4B/year that we saw with earlier generation companies. Simply put, the adoption of Kubernetes as the container control plane of choice, coupled with the influence of DevOps, is making a sustained impact across industries to the point where it's redefining the operations of entire industries.

Houston, there is a problem...

However, this influx of new infrastructure and applications has compounded the responsibilities of IT and operations teams across development, deployment, and security functions. The scale of Kubernetes environments and the ubiquity of multi-cluster usage across development, operations and security teams, as well as across availability zones, regions, clouds, and on-premises data centers, make this challenge increasingly complex. The unfortunate byproduct is the potential to create downstream issues commonly associated with Day 2 operations - gaps in data protection, security and compliance in particular. This is further exacerbated by the fact that the ratio of applications to operations team members is increasing - more to do with fewer people. Hardly a day goes by without some news about vulnerabilities, exposed data, and ransomware - issues that operations and IT teams need to get ahead of.

Rise of DevSecOps

One way to address these risks is to push the critical elements of Data Management typically reserved for Day 2 increasingly leftward, before applications are deployed, to ensure that vital mistakes are identified and remedied before any significant damage occurs. Additionally, there is a shift to a more collaborative mindset - development and operations working together to embed security constructs right from the start and maintaining that interlock continuously across the deployment and operations cycle. From a Data Management perspective, a good Kubernetes-native data solution needs to be developer friendly and to automate critical functions so that operations teams can scale. Data Management functions like backup and compliance must allow entire applications to be automatically discovered and protected so that there is not only continuous protection but also a last line of defense to enable recovery.

Compliance Can't be the Weakest Link

Organizations must not only maintain compliance with key regulations, but also show proof of that compliance. The alternatives, aside from introducing unchecked risks, are facing fines from regulators, reputational damage, customer loss and business disruption. Accordingly, procedures and strategies must be adapted to ensure that cloud-native systems and applications, which rely on Kubernetes, meet the same standards originally written for legacy IT architectures. The distributed and dynamic nature of containerized applications might make this seem extremely complex, but automating compliance and auditing at the application level is a very real Kubernetes-native capability that can be done successfully at cloud-native scale.

However, managing the compliance of Kubernetes environments with legacy tooling does not work. Traditional security and compliance tools working at the hypervisor level never see application activity in the cloud-native environment, where the application microservices are dynamically distributed across multiple servers and hypervisors. Moreover, legacy tooling is not built for the agility, flexibility and speed that cloud native offers and that DevOps processes expect - it can be extremely limiting for developers.

Operationalizing Data Management using Kubernetes-native constructs makes compliance strategies significantly more seamless, balancing the needs of IT teams with the rigors of industry standards and regulations. Application-centric data management, instead of data management at the infrastructure or storage layers, can help organizations maintain scale by ensuring business policy compliance without having to deal with the practically limitless number of components that make up a modern application environment.

Data Management Is No Longer Just A Production Task

Data Management for containerized applications is now being baked into the fundamental building blocks for a faster path to production. The DevSecOps stack now needs to contain Kubernetes-native Data Management capabilities so that applications can be protected and the compliance concerns mentioned above are proactively addressed. Additionally, the Data Management solution needs to support forward-looking policies. These policies allow the runtime stack to automatically detect when a new application is introduced into the Kubernetes cluster and to protect it without any manual intervention from the operations team. This shift-left approach to building data management capabilities into a golden stack reduces compliance checks from days to hours and allows for regular tear-down and recreation of clusters, with the application and data brought up in a matter of minutes, to ensure security best practices.

Remedying the Skills Gap

Traditionally, IT roles were specialized. Cross-functional skill sets were the domain of senior team members. However, Kubernetes has fundamentally changed IT - not only has it helped to usher in the era of DevSecOps, in many organizations today it serves as the underpinning of virtually all IT roles - development, operations, networking, security and storage. Once a Kubernetes-orchestrated container is in production (or an application is made available to users), it becomes part of an organization's operational fabric. Maintaining its uptime, and the business functions that rely on it, becomes a critical mandate for the wider operations team.

To alleviate the talent gap, Kubernetes-native Data Management solutions must allow applications to be transparently backed up without requiring the operations team to know the underlying details of the cloud-native application. There needs to be a way to automatically discover the application components, their dependencies on the underlying infrastructure such as storage classes, and the Kubernetes objects. Additionally, operations teams need to have the choice of using Kubernetes-native tooling such as Prometheus, etc. to automate Data Management workflows, while a simple user interface enables even the most novice of users to become productive.

Kubernetes-native functionality that can help reprioritize data management operations so they come earlier in the development process, coupled with automation to alleviate resource constraints, should be a serious consideration for cloud-native businesses. Properly integrated and operationalized Kubernetes-native data management will accelerate the production journey by providing greater visibility into Kubernetes systems and hiding some of the complexities of the underlying platform that can make integrations difficult for inexperienced or resource-strapped teams. The stronger the Kubernetes-native ecosystem becomes beyond data management, security and compliance, the more robust and strategic cloud-native infrastructure and containerized applications will become for an organization.


***To learn more about containerized infrastructure and cloud native technologies, consider joining us at KubeCon + CloudNativeCon NA Virtual, November 17-20.

About the Author

Gaurav Rishi, Head of Product, Kasten

Gaurav Rishi is Head of Product at Kasten. He previously led Strategy and Product Management for Cisco's Cloud Media Processing business. In addition to launching multiple products and growing them to >$100M in revenues, he was also instrumental in several M&A transactions. An engineer at heart, Gaurav is a computer science graduate and has an MBA from the Wharton School.

Published Monday, November 09, 2020 7:40 AM by David Marshall